Forwarding DMZ firewall Logs to VRLI

  1. Scope and Purpose of the Blog

The documents describes the detailed steps involved in conducting POC for  configuring VRLI to be  Syslog server for any physical device here for DMZ Firewalls , by  leveraging DMZ Firewalls option to forward the predefined logs to a syslog server in their settings. So ,if it got successful  , vRLI will capture the logs and save it in form of events in its database. So in future if we want to export those logs from vRLI, it will be in form of CSV format .

  1. Assumptions and Constraints

Following are the assumptions made while creating this document :

  • One test device is available on which settings have to be made for this POC . 

  • vRLI cluster is working fine . 

  • Further action plan , will be decided on the basis of POC results . 

  1. Procedure

    1. Configuring VRLI server as Syslog Server in Test Device :

  1. Open the Syslog settings on device “TEST Machine ”and below dialog box will open  . 


  1. Here , enable syslog server . 

  2. Enter vRLI FQDN or IP in syslog settings of firewall device with Syslog server port as 514 . 

  3. By this setting , we are configuring vRLI as syslog server for this device . 

  1. Checking on vRLI side - 

We  have configured vRealize Log Insight to collect logs forwarded by DMZ Firewalls . Now , perform the following steps on VRLI :

  1. Login to VRLI FQDN using admin credentials. 

  2. Click Interactive login on the  vRLI dashboard . 

  3. Choose "source" as IP of DMZ Firewalls server IP and hit enter . 

  4. Observe for 24 hours and then check again . 

  1. Result of POC  - 

Possibility 1 -  No logs of DMZ Firewalls  TEST device is received at vRLI after 24-48 hours of POC configuration . Then , it states , we cannot use vRLI as syslog server for DMZ Firewalls due to below reasons :

  • We have already checked in MarketPlace, there is no content pack for DMZ Firewalls.

  • Content pack act as a mediator between Third Party Application and vRLI, when we want to deeply analyse the logs and present in forms of Dashboards and other vRLI features ; which is absent for DMZ Firewalls

  • vRLI agent are only for Windows and Linux operating system and as DMZ Firewalls are using Native OS ; so this is not possible with the help of agent as well . 

Possibility 2 - Logs of DMZ Firewalls TEST device  are  received at vRLI after 24-48 hours of POC configuration .Then we are successfully , leveraging DMZ Firewalls option to forward the predefined logs to a syslog server in their settings. So , by this way , vRLI captures the logs and save it in form of events in its database. So in future if we want to export those logs from vRLI, it will be in form of CSV format . 

Result of our POC  - 

Logs of DMZ Firewalls TEST device  are  received at vRLI after 24-48 hours of POC configuration .Then we are successfully , leveraging DMZ Firewalls option to forward the predefined logs to a syslog server in their settings. So , by this way , vRLI captures the logs and save it in form of events in its database. So in future if we want to export those logs from vRLI, it will be in form of CSV format . 

Comments

Post a Comment

Popular posts from this blog

Configuring TLS (Secured Authentication)for vRA-vRO Appliances

Image
Scope and Purpose of the Blog This blog contains the use-case and requirements for configuring TLS (Secured Authentication) settings on VRA VRO appliances .  This document aims at mitigating the major risk of vRA vRO communicating with domain controller for LDAP queries in plain text\weak ciphers.  This document actually configures the server\devices to communicate with domain controllers using TLS(Secured Authentication). Assumptions and Constraints Following are the assumptions made while creating this document : For performance considerations, TLS is not enabled for localhost connections between some application services. Where defence in depth is of concern, enable TLS on all localhost communications. Disable insecure protocols such as SSLv2, SSLv3, and TLS 1.0 on all load balancers in case If we are terminating TLS on the load balancer.  vRealize Automation deployment uses strong TLS protocols to secure transmission channels for vRealize Automation appliance componen...
Read more

VRA_vRO Migration to 8.x

  Scope and Purpose of the Document The document  describes the detailed steps involved in migrating the vRA from 7.6 to 8.x version and testing the functionality post migration .  Assumptions and Constraints Following are the assumptions made while creating this document : VRA 7.6 is being migrated to 8.x version  VRA 7.6 was working fine . Migration Pre-reqs : Backup your vRealize Automation 7 source environment. Since , our source vRealize Automation 7 content has dependencies on vRealize Orchestrator, we must first migrate vRealize Orchestrator. If we migrate vRealize Automation without migrating vRealize Orchestrator first, migration fails. To migrate embedded vRealize Orchestrator content with vRealize Automation, we must first migrate vRealize Orchestrator. Manually create tenants using LCM. vIDM tenant migration is not supported in vRealize Automation 8.2. We must first import and install the IPAM plugin in vRealize Automation Cloud Assembly to migrate an IPA...
Read more

Automatic Snapshot using VRO workflow

Image
Scope and Purpose of the Blog This document contains the usecase and requirements for creating automatic snapshot of  vm(s) using vRO workflow .  The documents describes the detailed steps involved in the execution of the workflow .  The purpose of this task is to use vro workflow to eliminate manual process of taking snapshots .   Assumptions and Constraints Following are the assumptions made while creating this document : VRO is working fine . vRO is able to reach vm in vCenter / Azure platform. Automatic Snapshot Workflow Details : Inputs   - Name  Type  Description name string Snapshot name. The name need not be unique for this virtual machine. description string Snapshot description. memory boolean If TRUE, the snapshot includes a dump of the internal state of the virtual machine (a memory dump). quiesce boolean If TRUE and the virtual machine is powered on when the snapshot is taken, VMware Tools are used to quiesce the file system in the vi...
Read more